Framework/Core/AzureMonitoring/OMSMonitoring.ps1

# Turn on the strictest checks PowerShell offers for this scope: reading an
# uninitialised variable or a property that does not exist raises an error
# instead of quietly evaluating to $null.
Set-StrictMode -Version Latest 

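# Installs (or validates) the AzSK generic view in an existing OMS workspace.
# The constructor resolves the workspace from its id and resource group; the
# Configure* methods write the view template to a local folder and hand it to
# an Azure resource group deployment.
class OMSMonitoring: CommandBase
{
    # Local paths of the view/search/alert templates. Only the generic one is
    # populated by the code in this class.
    [string] $OMSSampleViewTemplateFilepath;
    [string] $OMSSearchesTemplateFilepath;
    [string] $OMSAlertsTemplateFilepath;
    [string] $OMSGenericTemplateFilepath;
    
    # Details of the target workspace, filled in by the constructor.
    [string] $OMSLocation;
    [string] $OMSResourceGroup;
    [string] $OMSWorkspaceName;
    [string] $OMSWorkspaceId;
    [string] $ApplicationSubscriptionName;

    # Resolves the workspace identified by $_omsWorkspaceId inside $_omsResourceGroup.
    # Throws [SuppressedException] when no workspace matches both values.
    OMSMonitoring([string] $_omsSubscriptionId,[string] $_omsResourceGroup,[string] $_omsWorkspaceId, [InvocationInfo] $invocationContext): 
        Base([string] $_omsSubscriptionId, $invocationContext) 
    {
        $this.OMSResourceGroup = $_omsResourceGroup
        $this.OMSWorkspaceId = $_omsWorkspaceId

        # Both the workspace id (CustomerId) and the resource group have to match, so a
        # valid id paired with the wrong resource group is rejected as well.
        $omsWorkSpaceInstance = Get-AzureRmOperationalInsightsWorkspace | Where-Object {$_.CustomerId -eq "$_omsWorkspaceId" -and $_.ResourceGroupName -eq  "$($this.OMSResourceGroup)"}
        if($null -eq $omsWorkSpaceInstance)
        {
            throw [SuppressedException] "Invalid OMS Workspace."
        }
        $this.OMSWorkspaceName = $omsWorkSpaceInstance.Name;

        # The workspace may report its location as a display name or as a location
        # name; either form is mapped to the location name used in the template.
        # NOTE(review): if no location matches, the property access below fails under
        # strict mode rather than producing a descriptive error - confirm that is acceptable.
        $locationInstance = Get-AzureRmLocation | Where-Object { $_.DisplayName -eq $omsWorkSpaceInstance.Location -or  $_.Location -eq $omsWorkSpaceInstance.Location } 
        $this.OMSLocation = $locationInstance.Location
    }

    # Asks the operator for confirmation and, on 'Y', writes the generic view template
    # to the local OMS folder and deploys (or validates) it via ConfigureGenericView.
    #   $_viewName     - value passed to the template as "viewName".
    #   $_validateOnly - when true the template is only validated, not deployed.
    [void] ConfigureOMS([string] $_viewName, [bool] $_validateOnly)    
    {        
        $this.PublishCustomMessage("WARNING: This command will overwrite the existing AzSK Security View that you may have installed using previous versions of AzSK, Please take a backup using 'Export' option available on the OMS portal.`n", [MessageType]::Warning);

        # $input is an automatic variable in PowerShell, so the answer is kept in a
        # dedicated local. The first answer is trimmed like every later one, so that
        # "y " is accepted without a second prompt.
        $promptText = "Enter 'Y' to continue and 'N' to skip installation (Y/N)"
        $userChoice = (Read-Host $promptText).Trim()
        while ($userChoice -ne "y" -and $userChoice -ne "n")
        {
            # An empty answer just re-prompts; anything else gets a hint first.
            if (-not [string]::IsNullOrEmpty($userChoice)) {
                $this.PublishCustomMessage(("Please select an appropriate option.`n" + [Constants]::DoubleDashLine), [MessageType]::Warning)
            }
            $userChoice = (Read-Host $promptText).Trim()
        }

        if ($userChoice -eq "n")
        {
            $this.PublishCustomMessage("Skipping installation of AzSK OMS solution pack...`n" , [MessageType]::Info)
            return;
        }

        $this.PublishCustomMessage([Constants]::DoubleDashLine + "`r`nStarted setting up AzSK OMS solution pack`r`n"+[Constants]::DoubleDashLine);

        $OMSLogPath = [Constants]::AzSKTempFolderPath + "\OMS";
        if(-not (Test-Path -Path $OMSLogPath))
        {
            New-Item -ItemType Directory -Path $OMSLogPath -Force | Out-Null
        }

        # The template is written to disk here and read back from the same path by the
        # deployment cmdlets, so whatever the file contains at that moment is what is
        # deployed to the resource group.
        # NOTE(review): confirm that AzSKTempFolderPath is writable only by the user
        # running the command; its definition is not visible in this file.
        $genericViewTemplateFilepath = [ConfigurationManager]::LoadServerConfigFile("AZSK.AM.OMS.GenericView.V2.omsview");                 
        $this.OMSGenericTemplateFilepath = $OMSLogPath+"\AZSK.AM.OMS.GenericView.V2.omsview";
        $genericViewTemplateFilepath | ConvertTo-Json -Depth 100 | Out-File $this.OMSGenericTemplateFilepath

        $this.PublishCustomMessage("`r`nSetting up OMS AzSK generic view.");
        $this.ConfigureGenericView($_viewName, $_validateOnly);            
        $this.PublishCustomMessage([Constants]::SingleDashLine + "`r`nThe OMS view installed contains a basic set of queries over DevOps Kit scan events. Please feel free to customize them once you get familiar with the queries.`r`nWe also periodically publish updated/richer queries at: https://aka.ms/azsk/omsqueries. `r`n",[MessageType]::Warning);
        $this.PublishCustomMessage([Constants]::SingleDashLine + "`r`nCompleted setting up AzSK OMS solution pack.`r`n"+[Constants]::DoubleDashLine);
    }

    # Validates or deploys the generic view template into the workspace's resource
    # group and publishes any errors that come back.
    #   $_viewName     - value passed to the template as "viewName".
    #   $_validateOnly - true: Test-AzureRmResourceGroupDeployment only;
    #                    false: New-AzureRmResourceGroupDeployment.
    [void] ConfigureGenericView([string] $_viewName, [bool] $_validateOnly)
    {
        $OptionalParameters = $this.GetOMSGenericViewParameters($_viewName);
        $this.PublishCustomMessage([MessageData]::new("Starting template deployment for OMS generic view. Detailed logs are shown below."));

        # Arguments shared by the validation and the deployment call.
        $deploymentArgs = @{
            ResourceGroupName       = $this.OMSResourceGroup
            TemplateFile            = $this.OMSGenericTemplateFilepath
            TemplateParameterObject = $OptionalParameters
        }

        $ErrorMessages = @()
        if ($_validateOnly) {
            # Output of a statement inside a class method is discarded unless it is
            # captured, so the validation result has to be assigned; otherwise a failed
            # validation would be reported as a success.
            $validationOutput = @(Test-AzureRmResourceGroupDeployment @deploymentArgs -Verbose)
            $ErrorMessages += @($validationOutput | Where-Object { $null -ne $_ } | ForEach-Object {
                # Prefer the error's Message property; fall back to its string form so
                # that strict mode cannot trip over an unexpected object shape.
                if ($_.PSObject.Properties['Message']) { $_.Message } else { "$_" }
            })
        }
        else {
            $SubErrorMessages = @()
            # Deployment name: template base name plus a UTC 'MMdd-HHmm' timestamp.
            $deploymentName = (Get-ChildItem $this.OMSGenericTemplateFilepath).BaseName + '-' + ((Get-Date).ToUniversalTime()).ToString('MMdd-HHmm')
            New-AzureRmResourceGroupDeployment -Name $deploymentName @deploymentArgs -Verbose -Force -ErrorVariable SubErrorMessages
            $ErrorMessages += @($SubErrorMessages | ForEach-Object { $_.Exception.Message.TrimEnd("`r`n") })
        }

        if ($ErrorMessages)
        {
            # The header names the operation that failed: index 0 for a deployment,
            # index 1 for a validation.
            "", ("{0} returned the following errors:" -f ("Template deployment", "Validation")[[bool]$_validateOnly]), @($ErrorMessages) | ForEach-Object { $this.PublishCustomMessage([MessageData]::new($_));}
        }
        else
        {
            $this.PublishCustomMessage([MessageData]::new("Completed template deployment for OMS generic view."));            
        }
    }

    # Returns the base template parameters plus "viewName" set to $_applicationName.
    [Hashtable] GetOMSGenericViewParameters([string] $_applicationName)
    {
        [Hashtable] $omsParams = $this.GetOMSBaseParameters();
        $omsParams.Add("viewName",$_applicationName);
        return $omsParams;
    }

    # Returns the template parameters that describe the target workspace:
    # location, resource group, subscription id and workspace name.
    [Hashtable] GetOMSBaseParameters()
    {
        [Hashtable] $omsParams = @{
            omsWorkspaceLocation = $this.OMSLocation
            omsResourcegroup     = $this.OMSResourceGroup
            omsSubscriptionId    = $this.SubscriptionContext.SubscriptionId
            omsWorkspaceName     = $this.OMSWorkspaceName
        };
        return $omsParams;
    }
    
}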